changeset 8589:27e66e58150e

8158997: JNDI Protocols Switch Reviewed-by: vinnie
author robm
date Thu, 20 Oct 2016 17:50:47 +0100
parents 3f76846d9a84
children dd4ddb848abc
files src/share/classes/com/sun/jndi/cosnaming/CNBindingEnumeration.java src/share/classes/com/sun/jndi/cosnaming/CNCtx.java src/share/classes/com/sun/jndi/cosnaming/ExceptionMapper.java src/share/classes/com/sun/jndi/rmi/registry/RegistryContext.java src/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java
diffstat 5 files changed, 110 insertions(+), 6 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/com/sun/jndi/cosnaming/CNBindingEnumeration.java	Tue Aug 16 17:05:00 2016 +0530
+++ b/src/share/classes/com/sun/jndi/cosnaming/CNBindingEnumeration.java	Thu Oct 20 17:50:47 2016 +0100
@@ -35,6 +35,8 @@
 import org.omg.CosNaming.NamingContextPackage.*;
 import org.omg.CORBA.*;
 
+import com.sun.jndi.toolkit.corba.CorbaUtils;
+
 /**
   * Implements the JNDI NamingEnumeration interface for COS
   * Naming. Gets hold of a list of bindings from the COS Naming Server
@@ -213,7 +215,10 @@
         Name cname = CNNameParser.cosNameToName(bndg.binding_name);
 
         try {
+            // Check whether object factory codebase is trusted
+            if (CorbaUtils.isObjectFactoryTrusted(obj)) {
             obj = NamingManager.getObjectInstance(obj, cname, _ctx, _env);
+            }
         } catch (NamingException e) {
             throw e;
         } catch (Exception e) {
--- a/src/share/classes/com/sun/jndi/cosnaming/CNCtx.java	Tue Aug 16 17:05:00 2016 +0530
+++ b/src/share/classes/com/sun/jndi/cosnaming/CNCtx.java	Thu Oct 20 17:50:47 2016 +0100
@@ -37,6 +37,8 @@
 import java.io.InputStreamReader;
 import java.io.BufferedReader;
 import java.io.IOException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 
 import org.omg.CosNaming.*;
 import org.omg.CosNaming.NamingContextPackage.*;
@@ -83,6 +85,25 @@
     private static final String FED_PROP = "com.sun.jndi.cosnaming.federation";
     boolean federation = false;
 
+    /**
+     * Determines whether classes may be loaded from an arbitrary URL code base.
+     */
+    public static final boolean trustURLCodebase;
+    static {
+        // System property to control whether classes may be loaded from an
+        // arbitrary URL code base
+        String trust = AccessController.doPrivileged(
+            new PrivilegedAction<String>() {
+                @Override
+                public String run() {
+                    return System.getProperty(
+                               "com.sun.jndi.cosnaming.object.trustURLCodebase",
+                               "false");
+                }
+            });
+        trustURLCodebase = "true".equalsIgnoreCase(trust);
+    }
+
     // Reference counter for tracking _orb references
     OrbReuseTracker orbTracker = null;
     int enumCount;
@@ -536,12 +557,16 @@
             if (name.size() == 0 )
                 return this; // %%% should clone() so that env can be changed
             NameComponent[] path = CNNameParser.nameToCosName(name);
+            java.lang.Object answer = null;
 
             try {
-                java.lang.Object answer = callResolve(path);
-
+                answer = callResolve(path);
                 try {
-                    return NamingManager.getObjectInstance(answer, name, this, _env);
+                    // Check whether object factory codebase is trusted
+                    if (CorbaUtils.isObjectFactoryTrusted(answer)) {
+                        answer = NamingManager.getObjectInstance(
+                            answer, name, this, _env);
+                    }
                 } catch (NamingException e) {
                     throw e;
                 } catch (Exception e) {
@@ -554,6 +579,7 @@
                 javax.naming.Context cctx = getContinuationContext(cpe);
                 return cctx.lookup(cpe.getRemainingName());
             }
+            return answer;
     }
 
     /**
--- a/src/share/classes/com/sun/jndi/cosnaming/ExceptionMapper.java	Tue Aug 16 17:05:00 2016 +0530
+++ b/src/share/classes/com/sun/jndi/cosnaming/ExceptionMapper.java	Thu Oct 20 17:50:47 2016 +0100
@@ -33,6 +33,8 @@
 import org.omg.CosNaming.NamingContextPackage.*;
 import org.omg.CORBA.*;
 
+import com.sun.jndi.toolkit.corba.CorbaUtils;
+
 /**
   * A convenience class to map the COS Naming exceptions to the JNDI exceptions.
   * @author Raj Krishnamurthy
@@ -202,10 +204,13 @@
             // Not a context, use object factory to transform object.
 
             Name cname = CNNameParser.cosNameToName(resolvedName);
-            java.lang.Object resolvedObj2;
+            java.lang.Object resolvedObj2 = null;
             try {
+                // Check whether object factory codebase is trusted
+                if (CorbaUtils.isObjectFactoryTrusted(resolvedObj)) {
                 resolvedObj2 = NamingManager.getObjectInstance(resolvedObj,
                     cname, ctx, ctx._env);
+                }
             } catch (NamingException ge) {
                 throw ge;
             } catch (Exception ge) {
--- a/src/share/classes/com/sun/jndi/rmi/registry/RegistryContext.java	Tue Aug 16 17:05:00 2016 +0530
+++ b/src/share/classes/com/sun/jndi/rmi/registry/RegistryContext.java	Thu Oct 20 17:50:47 2016 +0100
@@ -32,6 +32,8 @@
 import java.rmi.server.*;
 import java.rmi.registry.Registry;
 import java.rmi.registry.LocateRegistry;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 
 import javax.naming.*;
 import javax.naming.spi.NamingManager;
@@ -52,6 +54,24 @@
     private int port;
     private static final NameParser nameParser = new AtomicNameParser();
     private static final String SOCKET_FACTORY = "com.sun.jndi.rmi.factory.socket";
+    /**
+     * Determines whether classes may be loaded from an arbitrary URL code base.
+     */
+    static final boolean trustURLCodebase;
+    static {
+        // System property to control whether classes may be loaded from an
+        // arbitrary URL codebase
+        String trust = AccessController.doPrivileged(
+            new PrivilegedAction<String>() {
+                @Override
+                public String run() {
+                    return System.getProperty(
+                               "com.sun.jndi.rmi.object.trustURLCodebase",
+                               "false");
+                }
+            });
+        trustURLCodebase = "true".equalsIgnoreCase(trust);
+    }
 
     Reference reference = null; // ref used to create this context, if any
 
@@ -453,6 +473,27 @@
             Object obj = (r instanceof RemoteReference)
                         ? ((RemoteReference)r).getReference()
                         : (Object)r;
+
+            /*
+             * Classes may only be loaded from an arbitrary URL codebase when
+             * the system property com.sun.jndi.rmi.object.trustURLCodebase
+             * has been set to "true".
+             */
+
+            // Use reference if possible
+            Reference ref = null;
+            if (obj instanceof Reference) {
+                ref = (Reference) obj;
+            } else if (obj instanceof Referenceable) {
+                ref = ((Referenceable)(obj)).getReference();
+            }
+
+            if (ref != null && ref.getFactoryClassLocation() != null &&
+                !trustURLCodebase) {
+                throw new ConfigurationException(
+                    "The object factory is untrusted. Set the system property" +
+                    " 'com.sun.jndi.rmi.object.trustURLCodebase' to 'true'.");
+            }
             return NamingManager.getObjectInstance(obj, name, this,
                                                    environment);
         } catch (NamingException e) {
--- a/src/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java	Tue Aug 16 17:05:00 2016 +0530
+++ b/src/share/classes/com/sun/jndi/toolkit/corba/CorbaUtils.java	Thu Oct 20 17:50:47 2016 +0100
@@ -36,8 +36,9 @@
 
 import org.omg.CORBA.ORB;
 
-import javax.naming.Context;
-import javax.naming.ConfigurationException;
+import javax.naming.*;
+
+import com.sun.jndi.cosnaming.CNCtx;
 
 /**
   * Contains utilities for performing CORBA-related tasks:
@@ -204,6 +205,32 @@
     }
 
     /**
+     * Check whether object factory code base is trusted.
+     * Classes may only be loaded from an arbitrary URL code base when
+     * the system property com.sun.jndi.rmi.object.trustURLCodebase
+     * has been set to "true".
+     */
+    public static boolean isObjectFactoryTrusted(Object obj)
+        throws NamingException {
+
+        // Extract Reference, if possible
+        Reference ref = null;
+        if (obj instanceof Reference) {
+            ref = (Reference) obj;
+        } else if (obj instanceof Referenceable) {
+            ref = ((Referenceable)(obj)).getReference();
+        }
+
+        if (ref != null && ref.getFactoryClassLocation() != null &&
+                !CNCtx.trustURLCodebase) {
+            throw new ConfigurationException(
+                "The object factory is untrusted. Set the system property" +
+                " 'com.sun.jndi.cosnaming.object.trustURLCodebase' to 'true'.");
+        }
+        return true;
+    }
+
+    /**
      * This method returns a new ORB instance for the given applet
      * without creating a static dependency on java.applet.
      */